NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 21, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
319701	9.8	CRITICAL Network	ivanti	virtual_traffic_management	Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.	CWE-287 Improper Authentication	CVE-2024-7593	2024-09-25 10:00	2024-08-14	Show	GitHub Exploit DB Packet Storm

319702	5.5	MEDIUM Local	apple	macos	A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.	CWE-281 Improper Preservation of Permissions	CVE-2024-44188	2024-09-25 05:38	2024-09-17	Show	GitHub Exploit DB Packet Storm

319703	5.5	MEDIUM Local	apple	macos	A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.	CWE-281 Improper Preservation of Permissions	CVE-2024-40859	2024-09-25 05:31	2024-09-17	Show	GitHub Exploit DB Packet Storm

319704	7.5	HIGH Network	zitadel	zitadel	Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability t…	NVD-CWE-noinfo	CVE-2024-47000	2024-09-25 05:25	2024-09-20	Show	GitHub Exploit DB Packet Storm

319705	6.5	MEDIUM Network	zitadel	zitadel	Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to …	NVD-CWE-noinfo	CVE-2024-46999	2024-09-25 05:20	2024-09-20	Show	GitHub Exploit DB Packet Storm

319706	7.5	HIGH Network	envoyproxy	envoy	Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, whi…	CWE-476 NULL Pointer Dereference	CVE-2024-45809	2024-09-25 05:12	2024-09-20	Show	GitHub Exploit DB Packet Storm

319707	7.5	HIGH Network	envoyproxy	envoy	Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requ…	NVD-CWE-noinfo	CVE-2024-45810	2024-09-25 04:48	2024-09-20	Show	GitHub Exploit DB Packet Storm

319708	4.8	MEDIUM Network	mage-people	bus_ticket_booking_with_seat_reservation	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS.This issue affe…	CWE-79 Cross-site Scripting	CVE-2024-43985	2024-09-25 04:33	2024-09-18	Show	GitHub Exploit DB Packet Storm

319709	6.1	MEDIUM Network	couchbase	couchbase_server	Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.	CWE-74 Injection	CVE-2024-25673	2024-09-25 04:08	2024-09-20	Show	GitHub Exploit DB Packet Storm

319710	5.5	MEDIUM Local	apple	macos ipados iphone_os visionos tvos watchos	A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS So…	NVD-CWE-noinfo	CVE-2024-44183	2024-09-25 04:04	2024-09-17	Show	GitHub Exploit DB Packet Storm

319711	2.4	LOW Physics	apple	iphone_os ipados	The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.	NVD-CWE-noinfo	CVE-2024-44180	2024-09-25 04:04	2024-09-17	Show	GitHub Exploit DB Packet Storm

319712	5.5	MEDIUM Local	apple	macos ipados iphone_os	A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app …	NVD-CWE-noinfo	CVE-2024-44184	2024-09-25 04:03	2024-09-17	Show	GitHub Exploit DB Packet Storm

319713	6.5	MEDIUM Network	apple	macos safari	The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.	NVD-CWE-noinfo	CVE-2024-40866	2024-09-25 04:02	2024-09-17	Show	GitHub Exploit DB Packet Storm

319714	5.5	MEDIUM Local	apple	macos iphone_os ipados	This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.	CWE-59 Link Following	CVE-2024-44131	2024-09-25 04:01	2024-09-17	Show	GitHub Exploit DB Packet Storm

319715	4.4	MEDIUM Local	apple	macos	This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15. An app with root privileges may be able to access private information.	NVD-CWE-noinfo	CVE-2024-44130	2024-09-25 03:49	2024-09-17	Show	GitHub Exploit DB Packet Storm

319716	5.5	MEDIUM Local	apple	macos	An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read sensitive location informa…	NVD-CWE-noinfo	CVE-2024-44181	2024-09-25 03:39	2024-09-17	Show	GitHub Exploit DB Packet Storm

319717	7.5	HIGH Network	apple	macos	The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue existed where a process may be able to capture screen contents without user consent.	NVD-CWE-noinfo	CVE-2024-44189	2024-09-25 03:33	2024-09-17	Show	GitHub Exploit DB Packet Storm

319718	2.4	LOW Physics	apple	iphone_os ipad_os	The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.	NVD-CWE-noinfo	CVE-2024-44139	2024-09-25 03:30	2024-09-17	Show	GitHub Exploit DB Packet Storm

319719	5.5	MEDIUM Local	apple	macos	This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.	NVD-CWE-noinfo	CVE-2024-44134	2024-09-25 03:26	2024-09-17	Show	GitHub Exploit DB Packet Storm

319720	5.5	MEDIUM Local	apple	macos	This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences.	NVD-CWE-noinfo	CVE-2024-44133	2024-09-25 03:24	2024-09-17	Show	GitHub Exploit DB Packet Storm

319721	9.8	CRITICAL Network	tenda	ac15_firmware	Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.	CWE-77 Command Injection	CVE-2023-36103	2024-09-25 03:10	2024-09-11	Show	GitHub Exploit DB Packet Storm

319722	4.3	MEDIUM Network	jetbrains	youtrack	In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project	CWE-863 Incorrect Authorization	CVE-2024-47159	2024-09-25 03:09	2024-09-20	Show	GitHub Exploit DB Packet Storm

319723	7.8	HIGH Local	samsung	exynos_1480_firmware exynos_2400_firmware	An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free.	CWE-416 Use After Free	CVE-2024-31960	2024-09-25 03:08	2024-09-11	Show	GitHub Exploit DB Packet Storm

319724	5.3	MEDIUM Network	jetbrains	youtrack	In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible	CWE-863 Incorrect Authorization	CVE-2024-47160	2024-09-25 03:03	2024-09-20	Show	GitHub Exploit DB Packet Storm

319725	5.5	MEDIUM Local	apple	macos	An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.	NVD-CWE-noinfo	CVE-2024-44186	2024-09-25 03:03	2024-09-17	Show	GitHub Exploit DB Packet Storm

319726	5.5	MEDIUM Local	apple	macos	A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read arbitrary files.	CWE-22 Path Traversal	CVE-2024-44190	2024-09-25 03:02	2024-09-17	Show	GitHub Exploit DB Packet Storm

319727	5.3	MEDIUM Network	jetbrains	youtrack	In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page	CWE-522 Insufficiently Protected Credentials	CVE-2024-47162	2024-09-25 02:57	2024-09-20	Show	GitHub Exploit DB Packet Storm

319728	9.8	CRITICAL Network	pharmacy_management_system_project	pharmacy_management_system	A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The mani…	CWE-89 SQL Injection	CVE-2024-8146	2024-09-25 02:00	2024-08-25	Show	GitHub Exploit DB Packet Storm

319729	5.5	MEDIUM Local	apple	macos	This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive data …	NVD-CWE-noinfo	CVE-2024-44182	2024-09-25 01:52	2024-09-17	Show	GitHub Exploit DB Packet Storm

319730	6.1	MEDIUM Network	gitlab	gitlab	An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability …	CWE-601 Open Redirect	CVE-2024-4283	2024-09-25 01:51	2024-09-17	Show	GitHub Exploit DB Packet Storm

319731	7.5	HIGH Network	sigstore	sigstore-go	sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bun…	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2024-45395	2024-09-25 01:50	2024-09-5	Show	GitHub Exploit DB Packet Storm

319732	4.3	MEDIUM Network	gitlab	gitlab	An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to un…	NVD-CWE-noinfo	CVE-2024-6685	2024-09-25 01:48	2024-09-17	Show	GitHub Exploit DB Packet Storm

319733	6.1	MEDIUM Network	cern	indico	Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.…	CWE-79 Cross-site Scripting	CVE-2024-45399	2024-09-25 01:48	2024-09-5	Show	GitHub Exploit DB Packet Storm

319734	6.7	MEDIUM Local	qnap	qvr_smart_client	An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized c…	CWE-428 Unquoted Search Path or Element	CVE-2022-27592	2024-09-25 01:44	2024-09-7	Show	GitHub Exploit DB Packet Storm

319735	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.	CWE-120 Classic Buffer Overflow	CVE-2024-46580	2024-09-25 01:42	2024-09-19	Show	GitHub Exploit DB Packet Storm

319736	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted …	CWE-120 Classic Buffer Overflow	CVE-2024-46571	2024-09-25 01:42	2024-09-19	Show	GitHub Exploit DB Packet Storm

319737	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.	CWE-120 Classic Buffer Overflow	CVE-2024-46568	2024-09-25 01:42	2024-09-19	Show	GitHub Exploit DB Packet Storm

319738	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…	CWE-120 Classic Buffer Overflow	CVE-2024-46567	2024-09-25 01:42	2024-09-19	Show	GitHub Exploit DB Packet Storm

319739	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a cra…	CWE-120 Classic Buffer Overflow	CVE-2024-46550	2024-09-25 01:42	2024-09-19	Show	GitHub Exploit DB Packet Storm

319740	7.2	HIGH Network	qnap	qts	An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have alre…	CWE-78 OS Command	CVE-2023-39300	2024-09-25 01:42	2024-09-7	Show	GitHub Exploit DB Packet Storm

319741	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted in…	CWE-120 Classic Buffer Overflow	CVE-2024-46597	2024-09-25 01:41	2024-09-19	Show	GitHub Exploit DB Packet Storm

319742	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.	CWE-120 Classic Buffer Overflow	CVE-2024-46596	2024-09-25 01:41	2024-09-19	Show	GitHub Exploit DB Packet Storm

319743	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted …	CWE-120 Classic Buffer Overflow	CVE-2024-46595	2024-09-25 01:41	2024-09-19	Show	GitHub Exploit DB Packet Storm

319744	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craf…	CWE-120 Classic Buffer Overflow	CVE-2024-46594	2024-09-25 01:41	2024-09-19	Show	GitHub Exploit DB Packet Storm

319745	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted i…	CWE-120 Classic Buffer Overflow	CVE-2024-46593	2024-09-25 01:41	2024-09-19	Show	GitHub Exploit DB Packet Storm

319746	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a cr…	CWE-120 Classic Buffer Overflow	CVE-2024-46592	2024-09-25 01:41	2024-09-19	Show	GitHub Exploit DB Packet Storm

319747	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted in…	CWE-120 Classic Buffer Overflow	CVE-2024-46582	2024-09-25 01:41	2024-09-19	Show	GitHub Exploit DB Packet Storm

319748	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted i…	CWE-120 Classic Buffer Overflow	CVE-2024-46581	2024-09-25 01:41	2024-09-19	Show	GitHub Exploit DB Packet Storm

319749	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted i…	CWE-120 Classic Buffer Overflow	CVE-2024-46566	2024-09-25 01:41	2024-09-19	Show	GitHub Exploit DB Packet Storm

319750	7.5	HIGH Network	draytek	vigor3910_firmware	Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted …	CWE-120 Classic Buffer Overflow	CVE-2024-46565	2024-09-25 01:41	2024-09-19	Show	GitHub Exploit DB Packet Storm